The State of NoSQL Database Hacks with Cryptzone’s Jason Garbis (Podcast)

CryptzoneOn January 6, I received a notice that over 10,000 MongoDB databases have been deleted by various groups of hackers over the last few days, confirming today’s security models are broken. I was shocked and wanted to investigate further, so I connected with Cryptzone for comment and scheduled a podcast interview with Jason Garbis, CISSP and VP of Products at Cryptzone.

By the time we connected for the podcast, more than 30,000 NoSQL databases had been compromised, had their data deleted or stolen, and in many cases, ransoms demanded.

To combat this, Cryptzone has rolled out the latest version of its Software Defined Perimeter offering, AppGate. AppGate transforms network security, employing an “authenticate first, connect second” approach.

Jason’s notes about the MongoDB and other NoSQL database attacks:

“Attacks – such as those against NoSQL databases, are exceptionally damaging but frustratingly they’re also preventable.”

“Exposing any system to the ‘Internet Cesspit’ is fundamentally a bad idea. All systems have weaknesses – whether it’s a vulnerability, poor configuration or inadequate controls. It’s far too easy for an attacker to use Shodan (a powerful search engine) to discover and then violate them.”

“Rather than putting all of their systems in the shop window, particularly one that doesn’t even have any glass to protect it, companies must wake up to the realization that a new approach to network security is required. Taking an identity-centric approach, so one that only permits authorized users to access resources, would effectively brick up the window to anyone that doesn’t know its there, locking the attackers out and rendering their malware impotent.”

Preston and I interviewed Jason about these recent exploits and found that the solution to the problem is very simple, but obviously overlooked.

Podcast details: Length: 17:59 minutes. Format: MP3. Rating: G for all audiences.

Think about the security of any data that’s exposed directly to the Internet or that’s exposed via web application. Setup two-factor authentication as an added measure against data exploitation.

Ransom Where? Study shows office not home is a better target

Ransomware InfographicIBM released the results of a study that included complete surveys from 600 businesses and just over 1,000 consumers about their willingness to pay and their paid history with ransomware. The study found that 70 percent of businesses that have experienced ransomware attacks have paid the ransom. In contrast, fewer than 50 percent of consumers hit with ransomware would pay the ransom.

Ransomware extortion is a profitable business. Business executives stated that they would pay between $20,000 and $50,000 to regain access to ransomed data. While smaller businesses are generally better targets because of their lack of training and a general lack of protection, they are less desirable to attack because of their inability to pay large ransoms. Consequently, only 29 percent of the small businesses in the survey had experienced ransomware attacks. Ransomware has grown close to a $1 billion business and there’s no end in sight for the numbers of attacks or the extent to which criminals will go to cash in on victims.

Consumers, who overwhelmingly stated that they would not pay a ransom, changed their minds when asked about paying to regain access to financial data and to their mobile devices. Some consumers would pay $100 or more to the extortionist, however ransoms usually are in the $500 or higher range. 55 percent of parents who have digital pictures of family and children are more willing to pay ransoms to regain access, while only 39 percent of non-parents would pay.

Ransomware is software that locks data using encryption techniques. Once infected, users can’t access the data. The ransomware writers demand a fee paid, usually in bitcoin (a virtually untraceable electronic “currency”), to gain access to the data via a passcode supplied by the extortionist.

Almost 50 percent of the businesses surveyed experienced ransomware attacks and 70 percent of those paid ransoms. Half of those who paid ransoms paid over $10,000 and 20 percent paid over $40,000. Close to 60 percent of the business respondents stated that they would pay a ransom to recover their data.

There are some things you can do to prevent becoming a ransomware victim. IBM’s X-Force experts recommend the following:

  • Be Vigilant: If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
  • Backup Your Data: Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency.
  • Disable Macros: Document macros have been a common infection vector for ransomware in 2016. Macros from email and documents should be disabled by default to avoid infection.
  • Patch and Purge: Maintain regular software updates for all devices, including operating systems and apps. Update any software you use often and delete applications you rarely access.

The three most valuable pieces of advice that we, at SecurityNOW, can offer consumers and businesses is a) Train everyone to delete suspicious emails that manage to make it through your spam detection, b) Keep your computers and devices updated and patched, and c) Use an anti-malware program on every device you own, especially those used by children and less-skilled users.

Looking at Intent-based Security and Rethinking Application Security with Twistlock CEO Ben Bernstein (Podcast)

twistlock

Preston and I interviewed Twistlock CEO Ben Bernstein about his company’s approach to container-based security from a new perspective known as intent-based security, which also has us rethinking application security. Ben gives us an overview of intent-based security and a detailed explanation of why a new perspective is important to application security.

  1. Ben’s concept of intentbased security is evolving not only the way organizations build applications as DevOps adoption, and with it container adoption, continues to rise, but also rethinking the approach to application security to address fundamental application intent issues
  2. Why it is so difficult for IT, security and dev teams to look at an app and deduce intent
  3. Why attacks on the application layer are harder to detect than the network layer and more difficult to contain
  4. How to effectively add security to a container-based implementation of DevOps

Podcast details: Length – 20:55 minutes. MP3 format. G rating for all audiences.

Get your own copy of the ebook mentioned in the podcast, “How to Securely Configure a Linux Host to Run Containers“.

As discussed in the podcast, don’t assume anything about security for your container hosts or your containers. Container hosts must be thoughtfully secured, because if someone compromises your host; he owns your containers. Securing applications and their containers requires more than cursory security tests. You must build your applications with security in mind and you must also securely build your containers for those applications.

What’s Your Cyber Promiscuity Score? Find Out With NetWatcher (Podcast)

NetWatcherI had a good discussion with NetWatcher CEO, Scott Suhy, who described NetWatcher’s Cyber Promiscuity Score and how it will help your company identify its security vulnerabilities. Security vulnerabilities range from poor passwords to users who are susceptible to social engineering to systems that lack updated patches. Scott Suhy and NetWatcher offer free software to assess your Cyber Promiscuity for a single system. To assess your entire network is very affordable ($300/month) and $37.00 per phone support call. Listen to the podcast to learn more.

Podcast details:

Format: MP3     Length: 22:13 mins.      Rating: G.

Scott Suhy, NetWatcher CEO
Scott Suhy, NetWatcher CEO

Through continuous network security monitoring, NetWatcher serves as a 24/7 watchdog for your data and network. Our team of cyber security experts monitor your network and provide the managed security services you need to grow your business.

NetWatcher’s founders have a vision that every small and medium size enterprise should have access to the same cyber security protection that the Fortune 1000 have at their disposal.  The NetWatcher team believes that cyber security protection should be easy to install, easy to use, easy to understand, highly accurate and affordable for any size organization.

Druva’s Dave Packer on Cloud Backup and Security (Podcast)

DruvaDave Packer, Head of Corporate and Product Marketing at Druva and I spoke about Druva’s In-Sync and Phoenix products, security, backup, restore, and disaster recovery. We also discussed how your data is encrypted in flight during backup, how it’s stored encrypted, and how you get restored via an encrypted link. I also told him how much I love Druva In-Sync because it never bogs down my workstation for backup–in fact, I never know it’s running.

Podcast details:

Format: Mp3. Length: 29:58mins. Rating: G.

The Cloud and the Myth of Data Protection: Podcast with CTERA’s Jim Crook

CTERAIf you presume that your cloud solution protects you from data loss, you’d better think again and listen to this podcast about cloud data protection. CTERA‘s Senior Product Marketing Manager, Jim Crook, discusses cloud data protection survey results, mentions a free ebook, and gives an overview of cloud data protection, ransomware, and keeping your business operational through it all.

Preston, Jim, and I want to enlighten everyone to the fact that just because you have your data in the cloud, it’s not necessarily protected from loss. Accidental deletion, disasters, malware, and service failure can lead to data loss and outages for your business. Get the scoop on making some good decisions about protecting your data in this podcast.

Podcast Details:

Format: MP3. Length: 23:08 mins. Rating: G.

CTERA was founded by IT security veterans, who in 2008 identified the transformation that cloud computing would bring to enterprise IT, and the challenges this transformation presented for infrastructure management, data governance, privacy and security.

Hacking the Vote – Interview with Dana Simberkoff (Podcast)

November 8, 2016Preston and I had the pleasure of speaking with Dana Simberkoff, Chief Compliance and Risk Officer at AvePoint. Dana, Preston, and I discuss the cybersecurity threats to voting polls and how voters can keep their own information safe.

Podcast details:

Format: MP3. Length: 20:01 mins. Rating: G for all audiences.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Related story: How Hackers Could Send Your Polling Station into Chaos